On Thu, Sep 02, 2010 at 11:53 +0200, Mike Belopuhov wrote:
> On Mon, Aug 30, 2010 at 22:27 +0200, Mike Belopuhov wrote:
> > ipsecctl part.
> > 
> 
> Fixed manual key for gcm and cbc (apparently somebody forgot it).
> Note that gcm spec says you should not use manual keys.
> 

- dropped support for "aes-gcm" and "aes-gmac" aliases;
- fixed up a lost flag and style nit spotted by naddy;

Index: ike.c
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/ike.c,v
retrieving revision 1.67
diff -u -p -r1.67 ike.c
--- ike.c       4 Oct 2009 11:39:32 -0000       1.67
+++ ike.c       6 Sep 2010 14:30:01 -0000
@@ -161,6 +161,7 @@ static int
 ike_section_p2(struct ipsec_rule *r, FILE *fd)
 {
        char    *exchange_type, *sprefix;
+       int     needauth = 1;
 
        switch (r->p2ie) {
        case IKE_QM:
@@ -224,6 +225,30 @@ ike_section_p2(struct ipsec_rule *r, FIL
                        case ENCXF_AESCTR:
                                fprintf(fd, "AESCTR");
                                break;
+                       case ENCXF_AES_128_GCM:
+                               fprintf(fd, "AESGCM-128");
+                               needauth = 0;
+                               break;
+                       case ENCXF_AES_192_GCM:
+                               fprintf(fd, "AESGCM-192");
+                               needauth = 0;
+                               break;
+                       case ENCXF_AES_256_GCM:
+                               fprintf(fd, "AESGCM-256");
+                               needauth = 0;
+                               break;
+                       case ENCXF_AES_128_GMAC:
+                               fprintf(fd, "AESGMAC-128");
+                               needauth = 0;
+                               break;
+                       case ENCXF_AES_192_GMAC:
+                               fprintf(fd, "AESGMAC-192");
+                               needauth = 0;
+                               break;
+                       case ENCXF_AES_256_GMAC:
+                               fprintf(fd, "AESGMAC-256");
+                               needauth = 0;
+                               break;
                        case ENCXF_BLOWFISH:
                                fprintf(fd, "BLF");
                                break;
@@ -232,6 +257,7 @@ ike_section_p2(struct ipsec_rule *r, FIL
                                break;
                        case ENCXF_NULL:
                                fprintf(fd, "NULL");
+                               needauth = 0;
                                break;
                        default:
                                warnx("illegal transform %s",
@@ -270,43 +296,44 @@ ike_section_p2(struct ipsec_rule *r, FIL
                        warnx("illegal transform %s", r->p2xfs->authxf->name);
                        return (-1);
                }
-       } else
-               fprintf(fd, "SHA2-256");
+               fprintf(fd, "-");
+       } else if (needauth)
+               fprintf(fd, "SHA2-256-");
 
        if (r->p2xfs && r->p2xfs->groupxf) {
                switch (r->p2xfs->groupxf->id) {
                case GROUPXF_NONE:
                        break;
                case GROUPXF_768:
-                       fprintf(fd, "-PFS-GRP1");
+                       fprintf(fd, "PFS-GRP1");
                        break;
                case GROUPXF_1024:
-                       fprintf(fd, "-PFS-GRP2");
+                       fprintf(fd, "PFS-GRP2");
                        break;
                case GROUPXF_1536:
-                       fprintf(fd, "-PFS-GRP5");
+                       fprintf(fd, "PFS-GRP5");
                        break;
                case GROUPXF_2048:
-                       fprintf(fd, "-PFS-GRP14");
+                       fprintf(fd, "PFS-GRP14");
                        break;
                case GROUPXF_3072:
-                       fprintf(fd, "-PFS-GRP15");
+                       fprintf(fd, "PFS-GRP15");
                        break;
                case GROUPXF_4096:
-                       fprintf(fd, "-PFS-GRP16");
+                       fprintf(fd, "PFS-GRP16");
                        break;
                case GROUPXF_6144:
-                       fprintf(fd, "-PFS-GRP17");
+                       fprintf(fd, "PFS-GRP17");
                        break;
                case GROUPXF_8192:
-                       fprintf(fd, "-PFS-GRP18");
+                       fprintf(fd, "PFS-GRP18");
                        break;
                default:
                        warnx("illegal group %s", r->p2xfs->groupxf->name);
                        return (-1);
                };
        } else
-               fprintf(fd, "-PFS");
+               fprintf(fd, "PFS");
        fprintf(fd, "-SUITE force\n");
 
        return (0);
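Review bot: With the separator moved to the end of the auth token (`"-"` and `"SHA2-256-"`), the GROUPXF_NONE case now produces a double hyphen: it prints nothing, and `"-SUITE force\n"` follows, so the line reads `...-SHA2-256--SUITE force`. Before this change the group tokens carried the leading hyphen, so the empty case joined cleanly. The consistent fix is to let each group token end with the separator — `"PFS-GRP1-"` through `"PFS-GRP18-"`, and `"PFS-"` in the else branch — and make the last line `fprintf(fd, "SUITE force\n");`. The same double separator presumably appears on the needauth == 0 path without an auth transform, depending on how the encryption switch (outside this hunk) terminates its token.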
Index: ipsec.conf.5
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/ipsec.conf.5,v
retrieving revision 1.126
diff -u -p -r1.126 ipsec.conf.5
--- ipsec.conf.5        7 Jun 2010 08:32:58 -0000       1.126
+++ ipsec.conf.5        6 Sep 2010 11:41:52 -0000
@@ -612,6 +612,12 @@ keyword:
 .It Li aes-192 Ta "192 bits"
 .It Li aes-256 Ta "256 bits"
 .It Li aesctr Ta "160 bits" Ta "[phase 2 only]"
+.It Li aes-128-gcm Ta "160 bits" Ta "[phase 2 only]"
+.It Li aes-192-gcm Ta "224 bits" Ta "[phase 2 only]"
+.It Li aes-256-gcm Ta "288 bits" Ta "[phase 2 only]"
+.It Li aes-128-gmac Ta "160 bits" Ta "[phase 2 only]"
+.It Li aes-192-gmac Ta "224 bits" Ta "[phase 2 only]"
+.It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only]"
 .It Li blowfish Ta "160 bits"
 .It Li cast Ta "128 bits"
 .It Li skipjack Ta "80 bits"
@@ -630,6 +636,10 @@ This is because the most significant bit
 The keysize of AES-CTR is actually 128-bit.
 However as well as the key, a 32-bit nonce has to be supplied.
 Thus 160 bits of key material have to be supplied.
+The same applies to AES-GCM and AES-GMAC.
+.Pp
+Please note that AES-GMAC performs no encryption and provides no
+confidentiality.
 .Pp
 Using NULL with ESP will only provide authentication.
 This is useful in setups where AH can not be used, e.g. when NAT is involved.
Index: ipsecctl.h
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/ipsecctl.h,v
retrieving revision 1.59
diff -u -p -r1.59 ipsecctl.h
--- ipsecctl.h  4 Aug 2009 15:05:50 -0000       1.59
+++ ipsecctl.h  6 Sep 2010 11:42:32 -0000
@@ -63,7 +63,9 @@ enum {
 };
 enum {
        ENCXF_UNKNOWN, ENCXF_NONE, ENCXF_3DES_CBC, ENCXF_DES_CBC, ENCXF_AES,
-       ENCXF_AES_128, ENCXF_AES_192, ENCXF_AES_256, ENCXF_AESCTR, 
+       ENCXF_AES_128, ENCXF_AES_192, ENCXF_AES_256, ENCXF_AESCTR,
+       ENCXF_AES_128_GCM, ENCXF_AES_192_GCM, ENCXF_AES_256_GCM,
+       ENCXF_AES_128_GMAC, ENCXF_AES_192_GMAC, ENCXF_AES_256_GMAC,
        ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_NULL, ENCXF_SKIPJACK
 };
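Review bot: The new ENCXF_* values are inserted in the middle of the enumeration, and encxfs[] in parse.y is indexed by these values (`&encxfs[ENCXF_AES]`, `&encxfs[ENCXF_AES_192_GCM]` in the other hunks), so the table's row order must track this list exactly; the change keeps them aligned, but nothing says so. A comment on the enum would protect the next addition: `/* order must match encxfs[] in parse.y, which is indexed by these values */`. `&authxfs[AUTHXF_HMAC_SHA2_256]` in parse.y shows the auth table follows the same convention.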
 enum {
@@ -140,6 +142,7 @@ struct ipsec_xf {
        u_int16_t        id;
        size_t           keymin;
        size_t           keymax;
+       int              noauth;
 };
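Review bot: `noauth` is an undocumented bare int next to the key-size fields; its meaning — an encryption transform that needs no separate authentication transform, set for the gcm, gmac and null rows of encxfs[] — is only discoverable from the parse.y table and from ike.c. A trailing comment on the field would do: `int noauth; /* needs no separate auth transform (gcm, gmac, null) */`.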
 
 struct ipsec_transforms {
Index: parse.y
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/parse.y,v
retrieving revision 1.148
diff -u -p -r1.148 parse.y
--- parse.y     3 Aug 2010 18:42:40 -0000       1.148
+++ parse.y     6 Sep 2010 14:35:02 -0000
@@ -98,20 +98,26 @@ const struct ipsec_xf authxfs[] = {
 };
 
 const struct ipsec_xf encxfs[] = {
-       { "unknown",            ENCXF_UNKNOWN,          0,      0 },
-       { "none",               ENCXF_NONE,             0,      0 },
-       { "3des-cbc",           ENCXF_3DES_CBC,         24,     24 },
-       { "des-cbc",            ENCXF_DES_CBC,          8,      8 },
-       { "aes",                ENCXF_AES,              16,     32 },
-       { "aes-128",            ENCXF_AES_128,          16,     16 },
-       { "aes-192",            ENCXF_AES_192,          24,     24 },
-       { "aes-256",            ENCXF_AES_256,          32,     32 },
-       { "aesctr",             ENCXF_AESCTR,           16+4,   32+4 },
-       { "blowfish",           ENCXF_BLOWFISH,         5,      56 },
-       { "cast128",            ENCXF_CAST128,          5,      16 },
-       { "null",               ENCXF_NULL,             0,      0 },
-       { "skipjack",           ENCXF_SKIPJACK,         10,     10 },
-       { NULL,                 0,                      0,      0 },
+       { "unknown",            ENCXF_UNKNOWN,          0,      0,      0 },
+       { "none",               ENCXF_NONE,             0,      0,      0 },
+       { "3des-cbc",           ENCXF_3DES_CBC,         24,     24,     0 },
+       { "des-cbc",            ENCXF_DES_CBC,          8,      8,      0 },
+       { "aes",                ENCXF_AES,              16,     32,     0 },
+       { "aes-128",            ENCXF_AES_128,          16,     16,     0 },
+       { "aes-192",            ENCXF_AES_192,          24,     24,     0 },
+       { "aes-256",            ENCXF_AES_256,          32,     32,     0 },
+       { "aesctr",             ENCXF_AESCTR,           16+4,   32+4,   0 },
+       { "aes-128-gcm",        ENCXF_AES_128_GCM,      16+4,   16+4,   1 },
+       { "aes-192-gcm",        ENCXF_AES_192_GCM,      24+4,   24+4,   1 },
+       { "aes-256-gcm",        ENCXF_AES_256_GCM,      32+4,   32+4,   1 },
+       { "aes-128-gmac",       ENCXF_AES_128_GMAC,     16+4,   16+4,   1 },
+       { "aes-192-gmac",       ENCXF_AES_192_GMAC,     24+4,   24+4,   1 },
+       { "aes-256-gmac",       ENCXF_AES_256_GMAC,     32+4,   32+4,   1 },
+       { "blowfish",           ENCXF_BLOWFISH,         5,      56,     0 },
+       { "cast128",            ENCXF_CAST128,          5,      16,     0 },
+       { "null",               ENCXF_NULL,             0,      0,      1 },
+       { "skipjack",           ENCXF_SKIPJACK,         10,     10,     0 },
+       { NULL,                 0,                      0,      0,      0 },
 };
 
 const struct ipsec_xf compxfs[] = {
@@ -2209,7 +2215,7 @@ validate_sa(u_int32_t spi, u_int8_t saty
                        yyerror("esp does not provide compression");
                        return (0);
                }
-               if (!xfs->authxf)
+               if (!xfs->authxf && (xfs->encxf && !xfs->encxf->noauth))
                        xfs->authxf = &authxfs[AUTHXF_HMAC_SHA2_256];
                if (!xfs->encxf)
                        xfs->encxf = &encxfs[ENCXF_AES];
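Review bot: The new condition drops the default authentication transform when `xfs->encxf` is still NULL: `xfs->encxf && !xfs->encxf->noauth` is false, and the next statement then defaults the encryption transform to ENCXF_AES, so an ESP SA with neither transform given ends up as AES-CBC with no authentication — before this change it got HMAC-SHA2-256. Unless a later check in validate_sa (outside the hunk) rejects that combination, this is a silent loss of integrity protection for the default configuration. Either default `encxf` first and test the flag afterwards, or write the test as `if (!xfs->authxf && (!xfs->encxf || !xfs->encxf->noauth))`. validate_sa begins and ends outside the hunk.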
Index: pfkdump.c
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/pfkdump.c,v
retrieving revision 1.27
diff -u -p -r1.27 pfkdump.c
--- pfkdump.c   1 Jul 2010 02:11:35 -0000       1.27
+++ pfkdump.c   1 Sep 2010 16:20:32 -0000
@@ -153,6 +153,9 @@ struct idname auth_types[] = {
        { SADB_X_AALG_SHA2_256,         "hmac-sha2-256",        NULL },
        { SADB_X_AALG_SHA2_384,         "hmac-sha2-384",        NULL },
        { SADB_X_AALG_SHA2_512,         "hmac-sha2-512",        NULL },
+       { SADB_X_AALG_AES128GMAC,       "gmac-aes-128",         NULL },
+       { SADB_X_AALG_AES192GMAC,       "gmac-aes-192",         NULL },
+       { SADB_X_AALG_AES256GMAC,       "gmac-aes-256",         NULL },
        { SADB_X_AALG_MD5,              "md5",                  NULL },
        { SADB_X_AALG_SHA1,             "sha1",                 NULL },
        { 0,                            NULL,                   NULL }
@@ -171,6 +174,8 @@ struct idname enc_types[] = {
        { SADB_X_EALG_3IDEA,            "idea3",                NULL },
        { SADB_X_EALG_AES,              "aes",                  NULL },
        { SADB_X_EALG_AESCTR,           "aesctr",               NULL },
+       { SADB_X_EALG_AESGCM16,         "aes-gcm",              NULL },
+       { SADB_X_EALG_AESGMAC,          "aes-gmac",             NULL },
        { SADB_X_EALG_BLF,              "blowfish",             NULL },
        { SADB_X_EALG_CAST,             "cast128",              NULL },
        { SADB_X_EALG_DES_IV32,         "des-iv32",             NULL },
@@ -707,6 +712,32 @@ pfkey_print_sa(struct sadb_msg *msg, int
                                break;
                        case SADB_X_EALG_AESCTR:
                                xfs.encxf = &encxfs[ENCXF_AESCTR];
+                               break;
+                       case SADB_X_EALG_AESGCM16:
+                               switch (r.enckey->len) {
+                               case 28:
+                                       xfs.encxf = &encxfs[ENCXF_AES_192_GCM];
+                                       break;
+                               case 36:
+                                       xfs.encxf = &encxfs[ENCXF_AES_256_GCM];
+                                       break;
+                               default:
+                                       xfs.encxf = &encxfs[ENCXF_AES_128_GCM];
+                                       break;
+                               }
+                               break;
+                       case SADB_X_EALG_AESGMAC:
+                               switch (r.enckey->len) {
+                               case 28:
+                                       xfs.encxf = &encxfs[ENCXF_AES_192_GMAC];
+                                       break;
+                               case 36:
+                                       xfs.encxf = &encxfs[ENCXF_AES_256_GMAC];
+                                       break;
+                               default:
+                                       xfs.encxf = &encxfs[ENCXF_AES_128_GMAC];
+                                       break;
+                               }
                                break;
                        case SADB_X_EALG_BLF:
                                xfs.encxf = &encxfs[ENCXF_BLOWFISH];
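Review bot: Both new length switches treat every length other than 28 and 36 as the 128-bit variant, so a key of unexpected size (anything but the 20 bytes encxfs[] allows for aes-128-gcm) is printed as `aes-128-gcm` instead of being reported as unrecognised. Making 20 an explicit case and sending the rest to the existing sentinel row keeps the dump honest: `case 20:` → `ENCXF_AES_128_GCM`, `default:` → `xfs.encxf = &encxfs[ENCXF_UNKNOWN];`, and likewise for the GMAC switch. The magic 28/36 also duplicate the 24+4/32+4 keymin values from encxfs[]; a short comment `/* key length includes the 4-byte nonce */` would explain them. Whether `r.enckey` can be NULL on this path is not visible here; pfkey_print_sa starts before the hunk.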
Index: pfkey.c
===================================================================
RCS file: /home/cvs/src/sbin/ipsecctl/pfkey.c,v
retrieving revision 1.49
diff -u -p -r1.49 pfkey.c
--- pfkey.c     22 Dec 2008 17:00:37 -0000      1.49
+++ pfkey.c     6 Sep 2010 11:43:28 -0000
@@ -488,10 +488,23 @@ pfkey_sa(int sd, u_int8_t satype, u_int8
                        sa.sadb_sa_encrypt = SADB_EALG_DESCBC;
                        break;
                case ENCXF_AES:
+               case ENCXF_AES_128:
+               case ENCXF_AES_192:
+               case ENCXF_AES_256:
                        sa.sadb_sa_encrypt = SADB_X_EALG_AES;
                        break;
                case ENCXF_AESCTR:
                        sa.sadb_sa_encrypt = SADB_X_EALG_AESCTR;
+                       break;
+               case ENCXF_AES_128_GCM:
+               case ENCXF_AES_192_GCM:
+               case ENCXF_AES_256_GCM:
+                       sa.sadb_sa_encrypt = SADB_X_EALG_AESGCM16;
+                       break;
+               case ENCXF_AES_128_GMAC:
+               case ENCXF_AES_192_GMAC:
+               case ENCXF_AES_256_GMAC:
+                       sa.sadb_sa_encrypt = SADB_X_EALG_AESGMAC;
                        break;
                case ENCXF_BLOWFISH:
                        sa.sadb_sa_encrypt = SADB_X_EALG_BLF;
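Review bot: The GMAC cases assign an authentication-only algorithm to `sa.sadb_sa_encrypt`, which reads as a mistake without context; a comment makes the intent explicit, e.g. `/* GMAC provides no confidentiality but is carried as an ESP encryption transform */` (ipsec.conf.5 in this same change says as much). What is put in `sa.sadb_sa_auth` for these cases is decided in the auth switch outside the hunk and is worth checking, since validate_sa no longer supplies a default auth transform for noauth rows. pfkey_sa begins before and ends after this hunk.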
